Skip to main content

Process forensics

v0.1.3

Deep per-process diagnostics for "why is this process stuck / slow / leaking?" — strace (HIGH RISK; slows the target), pid memory maps, per-thread state, /proc walking, gdb backtrace, full lsof, syscall summary. Read-only — but strace and gdb attach via ptrace and WILL slow the target.

7 allowed by default 3 need approval
Pack ID
process-forensics
Vendor
emisar
OS
linux
Actions
10

Install

emisar pack install validates the pack and verifies its content hash before copying it into /etc/emisar/packs. The --hash below pins the install to the exact bytes on this page — a tampered copy is rejected. After install, reload the runner; it re-reads the catalog and advertises every action.

content hash: sha256:ccc867a0d83c094d754cbc132ec2249d8de0c778989a4bc8fe1d52aa6cc22599

on the runner host
sudo emisar pack install process-forensics \
  --hash sha256:ccc867a0d83c094d754cbc132ec2249d8de0c778989a4bc8fe1d52aa6cc22599 \
  --dest /etc/emisar/packs

# Reload so the runner re-reads the catalog:
sudo systemctl reload emisar

Actions 10 total

View on GitHub